Call for peer review / edits on stable sections (was RE: [OWASP-GUIDE] Fw: OWASP Guide translation)

Andrew van der Stock vanderaj at greebo.net
Wed Apr 6 19:45:33 EDT 2005


Well, the closer things are to the front, the less likely they are to
change. However, there has yet to be significant technical and grammatical
checking in any section.

I want to put to bed several sections, so if anyone has time, I'd really
appreciate peer review of the following chapters (in English):

* Introduction
* About the Open Web Application Security Project
* Secure Coding Principles
* Common high level development issues
  - up to and including the Black Art of Credit Card Handling. 
  - the last couple of bits need a permanent home and I don't know where
they belong just yet
* Authentication
* Authorization

If we can get those chapters stable and fixed, I'll be happier. It
represents about 45% of the total content so far, and that's a good start to
having it locked down and finished by June 14.

The major changes between a6 and a7 are:

* re-ordered several parts, added one extra. In fact, I think we're still
missing "error handling", which should probably go in the logging chapter
* Completed threat modeling text
* New phishing section (peer reviewed by Dr Neal Krawetz)
* Session management chapter was changed to be in Top 10 format (not
complete)
* Moved parameter injection and now it's called Interpreter Injection. The
specific tampering of parameters in get, post, headers and cookies will move
to data validation. In a8, there will be a new section called "XML
injection" as I've been thinking about a pen test I did late last year where
I injected XML to do the equivalent of SQL injection.
* Bumped up the content of many sections down the back, but that's still
woefully incomplete.

I have received a copy of a6 by Abraham Kang this morning. I will look that
over and incorporate his changes in there.

Thanks,
Andrew

> -----Original Message-----
> From: Juan C Calderon [mailto:johnccr at yahoo.com]
> Sent: Thursday, 7 April 2005 12:57 AM
> To: Andrew van der Stock
> Cc: Andrew van der Stock; owasp-guide at lists.sourceforge.net; Juan Carlos
> Subject: Re: [OWASP-GUIDE] Fw: OWASP Guide translation
> 
> Great, Andrew,
> 
> Could you give me a small overview of the advance in
> every section? That is, I'd like to know what sections
> are less likely to be modified, so we can start
> working on it and don't have to make a lot of changes
> when the document is ready.
> 
> Regards,
> JC





